Reason Why L2 Per Frame Authentication Is Required

Presentation transcript:

Reason Why L2 Per Frame Authentication Is Required
doc.: IEEE 802.11-yy/xxxxr0, June 2018
Date: 2018-06-18
Authors: Hitoshi Morioka, SRC Software; John Doe, Some Company

Abstract: This presentation describes the reason why L2 per frame authentication is required for BCS.

System Structure Assumption
[Diagram: a server on the Internet sends IP multicast to the AP, which forwards it as IEEE 802.11 multicast to the STAs; simplified as Server, Router, AP, STA.]
The STA selects the information it wants by the ID of the information (e.g. SSID).

Case 1: No Authentication
[Diagram: Server, Router, AP, STA; a rogue AP spoofing the AP's MAC address and Information ID.]
If no authentication is provided, a malicious user can easily set up a fake AP by spoofing the AP's MAC address and Information ID. The rogue AP can then mount the following attacks: a DoS attack by injecting invalid frames into the stream, and distributing fake information.

Case 2: Existing GTKSA
[Diagram: Server, Router, AP, STA; a rogue AP spoofing the AP's MAC address and Information ID.]
The existing GTKSA provides per-frame authentication and encryption for multicast frames. However, the GTKSA uses a symmetric algorithm, so any malicious user who can join the GTKSA holds the key needed to make a fake AP. The existing GTKSA is therefore not suitable for public use.

Case 3: Application Layer Per Packet Authentication (No Fragmentation)
[Diagram: Server, Router, AP, STA; the STA holds a preinstalled CA public key, the server holds a private/public key pair signed by the CA, and each Data packet carries a Sign field that the STA verifies.]
The server generates a private/public key pair. The CA signs the server's public key. The server distributes the public key, together with the CA signature, to the STAs. The STAs verify the server's public key with the preinstalled CA public key. The server signs each packet with the private key, and the STAs verify each packet with the public key. If the packets are never fragmented by a router on the path, this works well.

Case 4: Application Layer Per Packet Authentication (With Fragmentation)
[Diagram: Server, Router, AP, STA; the router splits each signed Data packet into fragments, and a malicious user injects an Invalid Data frame between them.]
Same as Case 3, except that the router fragments packets. If an invalid frame is injected between the fragments, the STA fails to verify the packet and discards the whole packet. A malicious user can therefore cause a DoS attack by injecting a single invalid frame between fragmented packets. For unicast, the server can avoid fragmentation by performing path MTU discovery and setting the DF flag. For multicast, the server cannot perform path MTU discovery, and the routers never return an ICMP "fragmentation required" message even if the packet size exceeds the MTU (IPv4).

Case 5: L2 Per Frame Authentication
[Diagram: Server, Router, AP, STA; the AP holds a private/public key pair and signs each Data frame, so the malicious Invalid Data frame is rejected by the STA.]
The AP generates a private/public key pair and distributes the public key to the STAs. The AP signs each frame with the private key, and the STA verifies each frame with the public key. The STA can thus detect invalid frames and discard them individually. Of course, this can be used together with application layer authentication.
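The three cases above can be run end to end in a small model. The following is an added example written for this page, not code from the presentation or from IEEE 802.11: it builds the Case 3 chain (CA-certified server key, one signature per packet), shows the Case 4 failure (one injected frame between router fragments makes the STA discard the whole packet), and then the Case 5 fix (the AP signs every frame, so the STA drops the injected frame before reassembly and the application-layer check still passes). The signature scheme is a deliberately tiny textbook RSA on fixed small primes, chosen only so the file runs with the Python standard library; it stands in for a real scheme and must not be reused. The key pairs, the broadcast payload, the MTU and the injected frame are all constructed here.

```python
"""Added example, not part of the original presentation: a stdlib-only model
of Cases 3, 4 and 5.  Signatures are a deliberately tiny textbook RSA (fixed
small primes, SHA-256 reduced modulo n) so the file runs without third-party
packages; it stands in for a real scheme such as ECDSA and must not be
deployed.  Keys, payload, MTU and the injected frame are all constructed."""
import hashlib

SIG_LEN = 8  # every toy modulus n = p*q is below 2**64, so 8 bytes hold a signature

def keygen(p, q, e=65537):
    """Return ((n, e), (n, d)) for two distinct primes p, q (toy sizes)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def _digest(n, msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg: bytes) -> bytes:
    n, d = priv
    return pow(_digest(n, msg), d, n).to_bytes(SIG_LEN, "big")

def verify(pub, msg: bytes, sig: bytes) -> bool:
    n, e = pub
    return pow(int.from_bytes(sig, "big"), e, n) == _digest(n, msg)

def _split(blob: bytes):
    """Split 'data || signature' into its two parts."""
    return blob[:-SIG_LEN], blob[-SIG_LEN:]

CA_PUB, CA_PRIV = keygen(1000000007, 998244353)        # CA_PUB is preinstalled on STAs
SERVER_PUB, SERVER_PRIV = keygen(2147483647, 1000000009)
AP_PUB, AP_PRIV = keygen(1000000021, 999999937)        # Case 5: the AP's own pair
PAYLOAD = b"Platform 3: next train delayed 10 minutes"   # constructed broadcast data
INJECTED = b"bogus frame from a rogue AP"                # constructed attack frame

# --- Case 3: CA-certified server key, one signature per packet ------------
def encode_pub(pub) -> bytes:
    return f"{pub[0]}:{pub[1]}".encode()

SERVER_CERT = encode_pub(SERVER_PUB) + sign(CA_PRIV, encode_pub(SERVER_PUB))

def sta_accept_server_key(cert: bytes, ca_pub=CA_PUB):
    """STA checks the CA signature over the server key; None if it fails."""
    encoded, ca_sig = _split(cert)
    if not verify(ca_pub, encoded, ca_sig):
        return None
    n, e = encoded.decode().split(":")
    return int(n), int(e)

def app_sign_packet(payload: bytes) -> bytes:
    return payload + sign(SERVER_PRIV, payload)

def app_verify_packet(server_pub, packet: bytes):
    """Return the payload, or None when the application-layer check fails."""
    payload, sig = _split(packet)
    return payload if verify(server_pub, payload, sig) else None

# --- Case 4: router fragments; one injected frame spoils the whole packet --
def router_fragment(packet: bytes, mtu: int):
    return [packet[i:i + mtu] for i in range(0, len(packet), mtu)]

def case4_fragmented_with_injection(mtu=16):
    server_pub = sta_accept_server_key(SERVER_CERT)
    frames = router_fragment(app_sign_packet(PAYLOAD), mtu)
    frames.insert(1, INJECTED)   # lands between two legitimate fragments
    # Without an L2 check the STA reassembles everything it received.
    return app_verify_packet(server_pub, b"".join(frames))   # -> None

# --- Case 5: AP signs each frame; STA drops the bad one before reassembly -
def ap_sign_frame(frame: bytes) -> bytes:
    return frame + sign(AP_PRIV, frame)

def sta_filter_frames(frames, ap_pub=AP_PUB):
    """Keep only frame bodies whose L2 signature verifies under the AP key."""
    kept = []
    for f in frames:
        body, sig = _split(f) if len(f) > SIG_LEN else (b"", b"")
        if sig and verify(ap_pub, body, sig):
            kept.append(body)
    return kept

def case5_l2_per_frame(mtu=16):
    server_pub = sta_accept_server_key(SERVER_CERT)
    frames = [ap_sign_frame(f) for f in router_fragment(app_sign_packet(PAYLOAD), mtu)]
    frames.insert(1, INJECTED + bytes(SIG_LEN))   # rogue frame, bogus signature
    return app_verify_packet(server_pub, b"".join(sta_filter_frames(frames)))   # -> PAYLOAD
```

Calling `case4_fragmented_with_injection()` returns `None`: the application-layer signature covers the whole packet, so a single foreign fragment in the reassembly buffer costs the STA the entire packet, which is exactly the DoS the slide describes. `case5_l2_per_frame()` returns the payload because the STA verifies each frame under the AP's public key before it reassembles anything, so only the injected frame is lost. The two checks are independent, which is why the slide notes that L2 per-frame authentication can be combined with application-layer authentication.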